Posts created by: Robert Falcone

Threat Brief: 3CXDesktopApp Supply Chain Attack (Updated)

  • By Robert Falcone and Josh Grunzweig
  • March 30, 2023 at 12:50 PM

8 min. read

Threat Brief: OWASSRF Vulnerability Exploitation

  • By Robert Falcone and Lior Rochberger
  • December 22, 2022 at 5:30 PM

9 min. read

CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell) (Updated)

  • By Haozhe Zhang, Ken Hsu, Tao Yan, Qi Deng and Robert Falcone
  • March 31, 2022 at 4:30 PM

12 min. read

Threat Brief: Ongoing Russia and Ukraine Cyber Activity

  • By Robert Falcone, Mike Harbison and Josh Grunzweig
  • January 20, 2022 at 12:30 PM

8 min. read

Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated)

  • By Tao Yan, Qi Deng, Haozhe Zhang, Yu Fu, Josh Grunzweig, Mike Harbison and Robert Falcone
  • December 10, 2021 at 1:00 PM

15 min. read

APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

  • By Robert Falcone and Peter Renals
  • December 2, 2021 at 6:00 AM

10 min. read

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

  • By Robert Falcone, Jeff White and Peter Renals
  • November 7, 2021 at 6:00 PM

18 min. read

Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools

  • By Robert Falcone, Alex Hinchliffe and Quinn Cooke
  • July 15, 2021 at 3:00 AM

23 min. read

New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)

  • By Robert Falcone and Simon Conant
  • April 29, 2021 at 12:01 AM

9 min. read

Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials

  • By Robert Falcone
  • April 15, 2021 at 6:00 AM

8 min. read

xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

  • By Robert Falcone
  • January 11, 2021 at 12:01 AM

25 min. read

Threat Assessment: Egregor Ransomware

  • By Doel Santos, Brittany Barbehenn and Robert Falcone
  • December 8, 2020 at 6:00 PM

5 min. read

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

  • By Robert Falcone
  • November 9, 2020 at 12:00 AM

12 min. read

Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa

  • By Robert Falcone
  • September 4, 2020 at 6:00 AM

13 min. read

Threat Assessment: WastedLocker Ransomware

  • By Alex Hinchliffe, Doel Santos, Adrian McCabe and Robert Falcone
  • July 30, 2020 at 6:00 AM

4 min. read

© 2023 Palo Alto Networks, Inc. All rights reserved.